General

MBABANE – The Eswatini Water Services Corporation (EWSC) suspended its digital payment solutions after it was targeted by dangerous and vicious computer software.

With immediate effect, customers were advised that they could not pay their bills through e-Mali, Mobile Money, Cash Plus and Unayo.

The impromptu move is expected to drive thousands of the corporation’s clients to the corporation’s service centres and Eswatini Posts, as an alternative to pay their bills and avoid disconnection. This is if they do not have the means to use electronic bank transfers.

The software handlers, believed to be WA ransmoware, listed EWSC and the Bela-Bela Local Municipality of South Africa as the latest victims of its dark web portal this week. The Bela-Bela Local Municipality is situated in the Waterberg District Municipality within the Southern part of the Limpopo Province.

This prompted the Eswatini Communication Commission (ESCCOM) to launch investigations into the dangerous computer software that is now paralysing digital payment solutions in essential service delivery corporations.

The virus known as WA ransomware is a type of malware which prevents you from accessing your device and the data stored on it, usually by encrypting your files. A criminal group will then demand a ransom in exchange for decryption. The computer itself may become locked, or the data on it might be encrypted, stolen or deleted.

ESCCOM Chief Executive Officer Mvilawemphi Dlamini said the Commission has threat intelligence systems in place that monitor the country’s cybersecurity posture and help identify cyber threats.

“There was an alert from one of these intelligence tools, indicating that there may have been an infiltration of a system in one of Eswatini’s public entities. These alerts have since increased, leading us to realise that Eswatini is at high risk of ransomware attacks,” he said.

Dlamini said ESCCOM is currently conducting further investigations into the matter and actively engaging with relevant stakeholders to establish full details regarding WA ransomware incidents, including confirming whether the WA ransomware group is responsible for these attacks.

“The commission is unfortunately unable to disclose the identity of affected organisations. However, where such a breach involves personally identifiable information, the organisations are expected to report to the Eswatini Data Protection Authority and notify the affected data subjects in line with Section 17 of the Data Protection Act, 2022,” he said.

Dlamini said as the National Cybersecurity Agency, they are concerned about the rising rate of attacks and want to emphasise that organisations should be on high alert.

This warning, he said, is not just restricted to the information technology (IT) teams, but applies to the entire organisation.

“A single employee’s click on a malicious link can infect the entire network. Cybersecurity awareness is a continuous priority and reporting any suspicious activities can help prevent reputational, economic and technical losses caused by ransomware,” he said.

Full details in today’s paper.

ESCCOM Chief Executive Officer Mvilawemphi Dlamini. (Courtesy pic)

An electronic notice sending an alert that WA ransomware has listed the EWSC and Bela-Bela Municipality as targets.